Read Certificates of Host and output it to Splunk
My brain is stuck and I don't know how to solve this.
I have the following script:
$CorrelationId = New-Guid
$Server = Get-WMIObject Win32_ComputerSystem| Select-Object -ExpandProperty Name
$getcert= Get-ChildItem cert:\LocalMachine\My -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and ($_.NotAfter -lt (Get-Date).AddDays(45)) -and($_.Issuer -eq "CN=test.at, DC=ds, DC=test, DC=at")} | Select-Object -Property Issuer, NotAfter, Subject, FriendlyName
$notafter = $getcert.NotAfter
$Subject = $getcert.Subject
$issuer = $getcert.Issuer
$FriendlyName= $getcert.FriendlyName
Write-Log -D Console,Splunk -L Info -A Servercertificate -M " Certificate $Subject on Host $Server with issuer $issuer and FriendlyName $FriendlyName expires at $notafter" -CorrelationId $CorrelationId -EventId 1
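It works fine as long as I have only 1 certificate, but if I have more than one certificate, the output gets strung together.
I know I could solve this with a foreach, but I don't know how to do it.
Thanks for your help.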
If your Write-Log command works as expected and you want each certificate to have a unique CorrelationId, it should be fairly simple.
For example:
# Host name that goes into every log message
$Server = Get-WMIObject Win32_ComputerSystem | Select-Object -ExpandProperty Name
# Certificates from the given issuer that expire within the next 45 days
$getcert = Get-ChildItem cert:\LocalMachine\My -Recurse | Where-Object {$_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and ($_.NotAfter -lt (Get-Date).AddDays(45)) -and ($_.Issuer -eq "CN=test.at, DC=ds, DC=test, DC=at")} | Select-Object -Property Issuer, NotAfter, Subject, FriendlyName
# One log entry per certificate, each with its own CorrelationId
foreach ($cert in $getcert) {
    $CorrelationId = New-Guid
    $notafter = $cert.NotAfter
    $Subject = $cert.Subject
    $issuer = $cert.Issuer
    $FriendlyName = $cert.FriendlyName
    Write-Log -D Console,Splunk -L Info -A Servercertificate -M " Certificate $Subject on Host $Server with issuer $issuer and FriendlyName $FriendlyName expires at $notafter" -CorrelationId $CorrelationId -EventId 1
}
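The question's script breaks with several certificates because `$getcert.Subject` on a collection returns an array of all subjects, which string interpolation joins with spaces. The following is an added example, not part of the original answer: a pipeline function that emits one key=value message per certificate, including the thumbprint and remaining days. The function name `ConvertTo-CertExpiryMessage`, the field names and the sample certificates are assumptions made for illustration.

```powershell
# Added example (hypothetical helper, not the poster's code).
# Emits one message object per certificate so values from different
# certificates can never end up in the same log line.
function ConvertTo-CertExpiryMessage {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        $Certificate,                          # X509Certificate2 or an object with the same properties
        [string]$Server = $env:COMPUTERNAME,
        [datetime]$Now = (Get-Date)
    )
    process {
        if ($null -eq $Certificate) { return } # nothing matched the filter: emit nothing
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        $status   = if ($daysLeft -lt 0) { 'expired' } else { 'expiring' }
        [pscustomobject]@{
            CorrelationId = [guid]::NewGuid()  # unique per certificate, as in the answer
            Message       = ('host="{0}" subject="{1}" issuer="{2}" friendly_name="{3}" ' +
                             'thumbprint={4} not_after={5:o} days_left={6} status={7}') -f
                            $Server, $Certificate.Subject, $Certificate.Issuer,
                            $Certificate.FriendlyName, $Certificate.Thumbprint,
                            $Certificate.NotAfter, $daysLeft, $status
        }
    }
}

# Constructed sample input (not real certificates); thumbprints are placeholders.
$issuer = 'CN=test.at, DC=ds, DC=test, DC=at'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=web01.test.at'; Issuer = $issuer; FriendlyName = 'web'
                       Thumbprint = 'PLACEHOLDER-THUMBPRINT-1'; NotAfter = [datetime]'2024-01-31' }
    [pscustomobject]@{ Subject = 'CN=sql01.test.at'; Issuer = $issuer; FriendlyName = 'sql'
                       Thumbprint = 'PLACEHOLDER-THUMBPRINT-2'; NotAfter = [datetime]'2023-12-20' }
)

# Two input objects produce two separate messages, one of them already expired.
$sample |
    ConvertTo-CertExpiryMessage -Server 'HOST01' -Now ([datetime]'2024-01-01') |
    ForEach-Object { $_.Message }

# On a Windows host, with the question's own Write-Log function loaded:
# Get-ChildItem Cert:\LocalMachine\My |
#     Where-Object { $_.NotAfter -lt (Get-Date).AddDays(45) } |
#     ConvertTo-CertExpiryMessage |
#     ForEach-Object { Write-Log -D Console,Splunk -L Info -A Servercertificate -M $_.Message -CorrelationId $_.CorrelationId -EventId 1 }
```

Passing the certificate objects straight into the function, without the `Select-Object` step, keeps `Thumbprint` available, which distinguishes renewed certificates that share a subject.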